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Security is critical to a wide range of wireless data applications and services. While several 
security mechanisms and protocols have been developed in the context of the wired 
Internet, many new challenges arise due to the unique characteristics of battery powered 
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Requirements engineering, a vital component in successful project development, often 
neglects sufficient attention to security concerns. Further, industry lacks a useful model 
for incorporating security requirements into project development. Studies show that 
upfront attention to security saves the economy billions of dollars. Industry is thus in 
need of a model to examine security and quality requirements in the development stages 
of the production lifecycie.In this paper, we examine a methodol ... 

Keywords: process, requirements elicitation, requirements engineering, software 
engineering 



6 Security as a new dimension in embedded system design: Security as a ne w 
<H> dimension in embedded system desi gn 

^ Srivaths Ravi, Paul Kocher, Ruby Lee, Gary McGraw, Anand Raghunathan 

June 2004 Proceedings of the 41st annual conference on Design automation DAC '04 

Publisher: ACM Press 

i- i. * * . u. ft Additional Information: full citation , abstract , references , citings , index 

Full text available: Tfj pdf(209.10 KB) 3 : 

^ terms 

The growing number of instances of breaches in information security in the last few years 
has created a compelling case for efforts towards secure electronic systems. Embedded 
systems, which will be ubiquitously used to capture, store, manipulate, and access data of 
a sensitive nature, pose several unique and interesting security challenges. Security has 
been the subject of intensive research in the areas of cryptography, computing, and 
networking. However, despite these efforts, security is ... 
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Modeling and simulation of physical security systems involves designing and analyzing 
security systems, protocols, and policies that aim to protect fixed-site facilities against 
intrusions by external threats, as well as unauthorized acts by insiders. Realistic and 
credible simulations of such systems require incorporation of human behavior models 
along with cooperative engagement policies such as team formation, allocation of roles, 
team reorganization, and distributed decision making. In this ... 
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Performance, in terms of user response time and the consumption of processing and 
communications resources, is an important factor to be considered when designing 
authentication protocols. The mix of public key and secret key encryption algorithms 
typically included in these protocols makes it difficult to model performance using 
conventional analytical methods. In this article, we develop a validated modeling 
methodology to be used for analyzing authentication protocol features, and we use two ... 
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The development of a security system is generally performed through a multiphase 
methodology, starting from the initial preliminary analisys of the application environment, 
up to the physical implementation of the security mechanisms. In this framework, we 
propose a new approach for the development of security systems based on the reuse of 
existing security specifications. In the paper we illustrate how reusable specifications can 
be built by analyzing existing security systems, and ... 
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This paper identifies four security issues (access to Information Systems, secure 
communication, security management, development of secure Information Systems), and 
examines the extent to which these security issues have been addressed by existing 
research efforts. Research contributions in relation to these four security issues are 
analyzed from three viewpoints: a meta-model for information systems, the research 
approaches used, and the reference disciplines used. Our survey reveals that most ... 
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This paper studies the performance and security aspects of the iSCSI protocol in a 
network storage based system. Ethernet speeds have been improving rapidly and network 
throughput is no longer considered a bottleneck when compared to Fibre-channel based 
storage area networks. However, when security of the data traffic is taken into 
consideration, existing protocols like IPSec prove to be a major hindrance to the overall 
throughput. In this paper, we evaluate the performance of iSCSI when deploye ... 
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Many modern electronic systems-— including personal computers, PDAs, cell phones, 
network routers, smart cards, and networked sensors to name a few— need to access, 
store, manipulate, or communicate sensitive information, making security a serious 
concern in their design. Embedded systems, which account for a wide range of products 
from the electronics, semiconductor, telecommunications, and networking industries, face 
some of the most demanding security concerns— on the one hand, they are oft ... 

Keywords: Embedded systems, architecture, authentication, battery life, cryptographic 
algorithms, decryption, encryption, hardware design, processing requirements, security, 
security attacks, security protocols, tamper resistance 
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Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, 
and raise alerts independently, though there may be logical connections between them. In 
situations where there are intensive attacks, not only will actual alerts be mixed with false 
alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult 
for human users or intrusion response systems to understand the alerts and take 
appropriate actions. This paper presents a sequence of t ... 

Keywords: Intrusion detection, alert correlation, security management 
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>^ February 2006 ACM Transactions on Information and System Security (TISSEC), volume 
9 Issue 1 

Publisher: ACM Press 

Full text available: ^ pdf(645.58 KB) Additional Information: full citation , abstract , references , index terms 

Intrusion detection systems (IDSs) are used to detect traces of malicious activities 
targeted against the network and its resources. Anomaly-based IDSs build models of the 
expected behavior of applications by analyzing events that are generated during the 
applications' normal operation. Once these models have been established, subsequent 
events are analyzed to identify deviations, on the assumption that anomalies represent 
evidence of an attack. Host-based anomaly detection systems often rely on ... 

Keywords: Bayesian network, Intrusion detection, anomaly detection, computer security 
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Min Liu, Shudong Sun, Miaotiao Xing 

August 2005 Proceedings of the 7th international conference on Electronic commerce 
ICEC '05 

Publisher: ACM Press 

Full text available: ^ pdf(303.31 KB) Additional Information: full citation , abstract , references 

In this paper, issues about the trend of statistics information merchandizing, and the 
present situation of statistics information network and statistics information system 
security, are analyzed. Security construction scheme is put forward, which is appropriate 
to e-commerce of statistics information system. In the scheme, first, system framework 
of hierarchy PKI with three levels is established, and system composing elements and 
their function are studied, as well as flow chart of user certifi ... 

Keywords: PKI, e-commerce, security, statistics information 
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Publisher: ACM Press 
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Full text available: TS pdf(295.33 KB) 

terms 

We present a detailed analysis of the UNIX system calls and classify them according to 
their level of threat with respect to system penetration. Based on these results, an 
effective mechanism is proposed to control the invocation of critical, from the security 
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viewpoint, system calls. The integration into existing UNIX operating systems is carried 
out by instrumenting the code of the system calls in such a way that the execution is 
granted only in the case where the invoking process and the valu ... 

Keywords: Access control, Linux, privileged tasks, system calls interception, system 
penetration 



17 Security and inference in multilevel database and knowled g e-base systems ■ 
A. Matthew Morgenstern 

^ December 1987 ACM SIGMOD Record , Proceedings of the 1987 ACM SIGMOD 

international conference on Management of data SIGMOD '87, volume 
16 Issue 3 
Publisher: ACM Press 

Full text available - "pi pdf d 71 MB) Additional Information: full citation , abstract , references , citin gs, index 

terms 

This paper addresses the threat to multilevel security that arises from logical inference 
and the semantics of the application. Such compromises of security are particularly 
challenging since they circumvent traditional security mechanisms and rely on a user's 
knowledge of the application. The problems of inference and security have heretofore 
been amorphous and difficult to circumscribe. We focus on these problems in the context 
of a multilevel database system and show their relevance to k ... 

18 Automated analysis: Automatic placement of authorization hooks in the linux securit y Q 
M> modules framework 

^ Vinod Ganapathy, Trent Jaeger, Somesh Jha 

November 2005 Proceedings of the 12th ACM conference on Computer and 

communications security CCS '05 
Publisher: ACM Press 

Full text available: l fg| pdf(252.07 KB) Additional Information: full citation, abstract , references , index terms 

We present a technique for automatic placement of authorization hooks, and apply it to 
the Linux security modules (LSM) framework. LSM is a generic framework which allows 
diverse authorization policies to be enforced by the Linux kernel. It consists of a kernel 
module which encapsulates an authorization policy, and hooks into the kernel module 
placed at appropriate locations in the Linux kernel. The kernel enforces the authorization 
policy using hook calls. In current practice, hooks are ... 

Keywords: LSM, SELinux, hook placement, static analysis 

19 Modeling methodology A: innovative methodologies in M&S for people and g ood jjj 
flow: Developing data fusion systems devoted to security control in port facilities 

Enrico Bocca, Simone Viazzo, Francesco Longo, Giovanni Mirabelli 

December 2005 Proceedings of the 37th conference on Winter simulation WSC '05 
Publisher: Winter Simulation Conference 

Full text available: ^| pdf(284.86 KB) Additional Information: full citation , abstract , references 

The paper presents an innovative approach to seaport security problems. In particular the 
authors propose the Modelling & Simulation and Data Fusion integration to provide an 
efficient tool to test and improve the container inspection reliability taking into 
consideration - at the same time - the impact of different security level on system 
performances. In this context the opportunity given by new standards and normative, in 
terms of sharing information, highlights the possibility to use Simulat ... 
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symposium on Operating systems principles SOSP '83, volume 17 issue 5 
Publisher: ACM Press 

Full text available* f 51 ! odfd 09 MB) Additional Information: full citation , abstract , references , citings, index 
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This paper discusses the formal verification of the design of an operating system kernel's 
conformance to the multilevel security property. The kernel implements multiple 
protection structures to support both discretionary and nondiscretionary security policies. 
The design of the kernel was formally specified. Mechanical techniques were used to 
check that the design conformed to the multilevel security property. All discovered 
security flaws were then either closed or minimized. This paper ... 

Keywords: Confinement channels, Information flow, Multilevel security, Operating 
system kernal, Specification, Verification 
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